Malware classification techniques typically rely on available knowledge to classify a file as malicious or benign. For instance, in anomaly-based detection, existing knowledge of normal, non-malicious behavior may be used to identify files that exhibit anomalous behavior. A file may be classified as malicious if the file exhibits any behavior that differs from what is known as normal behavior. By contrast, signature-based detection may rely on a repository of signatures (e.g., snippets of program code) that are known to be associated with one or more malicious files. Here, the presence of one or more signatures in a file may indicate that the file is malicious. The effectiveness of a malware classifier tends to be limited by the knowledge that is available to the malware classifier. As such, malware classifiers generally lack the knowledge to correctly classify new (e.g., zero-day) and/or uncommon malware.